[英]Getting ERR_TOO_MANY_REDIRECTS on Ingress with HTTPS web services
我有一個運行在自定義節點上的 Rancher 集群(v2.4.5),配置如下:
user nginx;
worker_processes 4;
worker_rlimit_nofile 40000;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 8192;
}
http {
upstream rancher_servers {
least_conn;
server <MY_NODE_IP>:443 max_fails=3 fail_timeout=5s;
}
server {
listen 443 ssl http2;
server_name example.com service1.example.com service2.example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass https://rancher_servers;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_read_timeout 900s;
}
}
}
防火牆規則沒問題,我可以部署僅在端口 80 上運行的小型 Web 應用程序,並自動重定向到 HTTPS。 我用來部署東西的 YAML 的一個例子如下:
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: www-deployment
labels:
app: www
spec:
replicas: 1
selector:
matchLabels:
app: www
template:
metadata:
labels:
app: www
spec:
containers:
- name: www
image: my-www-image
---
kind: Service
apiVersion: v1
metadata:
name: www-service
spec:
selector:
app: www
ports:
- port: 80
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: www-ingress
annotations:
ingress.kubernetes.io/rewrite-target: /
spec:
rules:
- host: service1.example.com
http:
paths:
- path: /
backend:
serviceName: www-service
servicePort: 80
問題是當我嘗試部署在端口 80 和 443 上運行的服務時,但在端口 80 上請求時,會自動重定向到端口 443。在這種情況下,如果我像下面這樣指定 Ingress(使用端口 443),我收到Bad Gateway
響應,但不是來自主機 NGINX 。 我可以這么說,因為我的主機運行nginx/1.18.0
並且響應來自nginx/1.17.10
。
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: www-ingress
annotations:
ingress.kubernetes.io/rewrite-target: /
spec:
rules:
- host: service1.example.com
http:
paths:
- path: /
backend:
serviceName: www-service
servicePort: 443
但是,如果我將上面的配置更改為servicePort: 80
,我會不斷收到 ERR_TOO_MANY_REDIRECTS,因為它進入了從任何東西重定向到https://anything
的無限循環。
我在這里做錯什么了嗎? 我該如何解決這些問題?
發現了。 事實證明,我唯一需要做的就是告訴 nginx-ingress-controller 我期待 HTTPS 連接。 用於公開服務的最終 YAML 如下:
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: www-ingress
annotations:
ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
spec:
rules:
- host: service1.example.com
http:
paths:
- path: /
backend:
serviceName: www-service
servicePort: 443
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.